OTPulse

Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability Identified in PT Switches

Plan Patch | 9.2 | MPSA-241408 | Mar 6, 2025
Summary

Multiple Moxa PT switches contain a flaw in their authorization mechanism (CWE-656: Reliance on Security Through Obscurity) that allows attackers to bypass authentication despite the presence of client-side and backend verification. Attackers can exploit this to perform brute-force attacks against credentials or forge MD5 authentication hashes, gaining unauthorized access to device configuration. The vulnerability affects all versions of PT switches with no patch currently available.

What this means
What could happen
An attacker could bypass authentication on PT switches and gain unauthorized access to network configuration, potentially allowing them to modify routing, VLAN settings, or disable management functions.
Who's at risk
Network engineers and operators managing Moxa PT switches in industrial facilities, water treatment plants, and electric utilities should care. This affects any organization using PT switches for network connectivity in control system environments where switch configuration could impact availability of critical communications.
How it could be exploited
An attacker on the network can reach the management interface of a PT switch (typically port 80/443). By exploiting weak authorization logic in the backend, they can attempt brute-force attacks against credentials or forge MD5 authentication hashes to bypass login and access the switch configuration interface.
Prerequisites
  • Network access to the PT switch management interface (HTTP/HTTPS port)
  • Knowledge of or ability to enumerate valid usernames
  • No valid credentials required initially; exploit relies on weakness in the authentication implementation
Tags: remotely exploitable, low complexity attack, no patch available, authentication bypass, affects network infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
PT Switches | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to PT switch management interfaces using firewall rules; allow only authorized engineering workstations and management VLANs
  • HARDENING: Change all default management passwords on PT switches to strong, unique credentials
  • HARDENING: Monitor PT switch management interface access logs for brute-force attempts or unusual access patterns
Mitigations - no patch available
PT Switches have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate management traffic for PT switches from general operational technology networks
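
One way to act on the log-monitoring and access-restriction items above, as an added example (not OTPulse or Moxa code): a small detector that flags login-failure bursts, a successful login right after a burst, and any management access from outside the authorized subnet. The log layout, the subnet 10.10.50.0/24, the switch names and the thresholds are assumptions; adapt the parsing to what your syslog collector actually receives.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not from the advisory: authorized subnet and burst threshold.
MGMT_NETS = [ipaddress.ip_network("10.10.50.0/24")]  # engineering workstations
WINDOW = timedelta(seconds=60)
MAX_FAILS = 5

# Constructed sample, time-ordered: "<ISO time> <switch> <src ip> <user> <result>"
SAMPLE_LOG = """\
2025-03-06T10:00:00 pt-sw-01 10.10.50.21 admin LOGIN_OK
2025-03-06T10:05:00 pt-sw-01 10.10.50.77 admin LOGIN_FAIL
2025-03-06T10:05:02 pt-sw-01 10.10.50.77 admin LOGIN_FAIL
2025-03-06T10:05:04 pt-sw-01 10.10.50.77 admin LOGIN_FAIL
2025-03-06T10:05:06 pt-sw-01 10.10.50.77 admin LOGIN_FAIL
2025-03-06T10:05:08 pt-sw-01 10.10.50.77 admin LOGIN_FAIL
2025-03-06T10:05:12 pt-sw-01 10.10.50.77 admin LOGIN_OK
2025-03-06T10:07:00 pt-sw-02 192.168.1.40 admin LOGIN_FAIL
"""

def analyze(log_text):
    """Return alert tuples for management-interface login events."""
    alerts, fails = [], defaultdict(deque)  # (switch, src) -> recent failure times
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts_s, switch, src_s, user, result = line.split()
            ts, src = datetime.fromisoformat(ts_s), ipaddress.ip_address(src_s)
        except ValueError:
            alerts.append(("unparsed", line))  # never silently drop odd lines
            continue
        # Any attempt from outside the management subnet means the filter leaks.
        if not any(src in net for net in MGMT_NETS):
            alerts.append(("outside_mgmt_net", switch, str(src)))
        q = fails[(switch, src)]
        while q and ts - q[0] > WINDOW:  # expire failures older than the window
            q.popleft()
        if result == "LOGIN_FAIL":
            q.append(ts)
            if len(q) == MAX_FAILS:  # alert once when the threshold is crossed
                alerts.append(("brute_force", switch, str(src)))
        elif result == "LOGIN_OK" and len(q) >= MAX_FAILS:
            alerts.append(("success_after_burst", switch, str(src), user))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

A `success_after_burst` alert deserves the fastest response, since it means a login succeeded from a source that had just produced a failure burst.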